News

Fake AI songs streamed billions of times, netting fraudster $10 million

Fake AI songs streamed billions of times, netting fraudster $10 million 2026-03-20 at 12:20 By Anamarija Pogorelec Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitted to one count of conspiracy to commit wire […]

Fake AI songs streamed billions of times, netting fraudster $10 million Read More »

Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

Unpatched ScreenConnect servers open to attack (CVE-2026-3564) 2026-03-20 at 11:44 By Zeljka Zorz ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution

Unpatched ScreenConnect servers open to attack (CVE-2026-3564) Read More »

ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption

ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption 2026-03-20 at 09:39 By Industry News ConductorOne has announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables organizations to accelerate AI adoption while maintaining full visibility,

ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption Read More »

DarkSword: Researchers uncover another iOS exploit kit

DarkSword: Researchers uncover another iOS exploit kit 2026-03-19 at 16:54 By Zeljka Zorz A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared. iOS vulnerabilities exploited by DarkSword Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify disclosed the

DarkSword: Researchers uncover another iOS exploit kit Read More »

4chan shrugs off UK regulator, refuses to pay £520,000 in fines over online safety violations

4chan shrugs off UK regulator, refuses to pay £520,000 in fines over online safety violations 2026-03-19 at 16:54 By Sinisa Markovic The U.K.’s media regulator Ofcom fined 4chan £450,000 under the Online Safety Act for failing to introduce age checks to stop children from accessing pornographic content on its platform. 4chan is an online forum

4chan shrugs off UK regulator, refuses to pay £520,000 in fines over online safety violations Read More »

Secure endpoint management systems immediately, CISA urges

Secure endpoint management systems immediately, CISA urges 2026-03-19 at 14:59 By Sinisa Markovic The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the cyberattack on Stryker Corporation serves as a signal to U.S. organizations that foreign cyber activity tied to Middle East conflicts may be spilling into their operations. Attackers breached Stryker’s internal Microsoft

Secure endpoint management systems immediately, CISA urges Read More »

CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)

CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963) 2026-03-19 at 13:32 By Zeljka Zorz CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities

CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963) Read More »

900,000 contact records exposed in Aura data breach

900,000 contact records exposed in Aura data breach 2026-03-19 at 13:32 By Sinisa Markovic Aura, the online safety service, confirmed that an unauthorized party accessed about 900,000 records, mostly names and email addresses from a marketing tool linked to a company it acquired in 2021. The incident occurred as a result of a targeted phone

900,000 contact records exposed in Aura data breach Read More »

Google limits Android accessibility API to curb malware abuse

Google limits Android accessibility API to curb malware abuse 2026-03-19 at 13:32 By Anamarija Pogorelec Google is restricting how Android apps can use accessibility features after years of abuse by banking Trojans and mobile malware. The changes, introduced in Android 17.2, limit access to the accessibility API when Advanced Protection Mode (APM) is enabled. Apps

Google limits Android accessibility API to curb malware abuse Read More »

EDR killers are now standard equipment in ransomware attacks

EDR killers are now standard equipment in ransomware attacks 2026-03-19 at 12:02 By Anamarija Pogorelec Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have become a standard component of ransomware intrusions. ESET Research tracked nearly 90 EDR killers actively used in

EDR killers are now standard equipment in ransomware attacks Read More »

Samba 4.24.0 ships Kerberos hardening and a CVE fix for domain encryption defaults

Samba 4.24.0 ships Kerberos hardening and a CVE fix for domain encryption defaults 2026-03-19 at 10:35 By Sinisa Markovic Samba 4.24.0 arrived carrying a set of Kerberos security changes aimed at Active Directory deployments. The release fixes a vulnerability, extends audit coverage for sensitive AD attributes, and introduces configuration options to counter two related Kerberos

Samba 4.24.0 ships Kerberos hardening and a CVE fix for domain encryption defaults Read More »

Java 26 ships with new cryptography API and HTTP/3 support

Java 26 ships with new cryptography API and HTTP/3 support 2026-03-19 at 09:59 By Anamarija Pogorelec Oracle released JDK 26, the 17th consecutive feature release delivered under the six-month cadence the project adopted in 2018. The release includes ten JDK Enhancement Proposals spanning language changes, garbage collection improvements, cryptographic tooling, and network protocol support. PEM

Java 26 ships with new cryptography API and HTTP/3 support Read More »

AI got it wrong with high confidence. Now what?

AI got it wrong with high confidence. Now what? 2026-03-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Christian Debes, Head of Data Analytics & AI at SPRYFOX, talks about the growing gap between what AI models do and what their operators can explain. He argues this gap is already a liability,

AI got it wrong with high confidence. Now what? Read More »

Betterleaks: Open-source secrets scanner

Betterleaks: Open-source secrets scanner 2026-03-19 at 09:02 By Anamarija Pogorelec Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and

Betterleaks: Open-source secrets scanner Read More »

Elite members of North Korean society fake their way into Western paychecks

Elite members of North Korean society fake their way into Western paychecks 2026-03-19 at 09:02 By Sinisa Markovic Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean nationals are securing roles as remote IT contractors and full-time staff within

Elite members of North Korean society fake their way into Western paychecks Read More »

Your APIs are under siege, and attackers are just getting warmed up

Your APIs are under siege, and attackers are just getting warmed up 2026-03-19 at 07:21 By Anamarija Pogorelec Internet-facing systems are handling sustained levels of malicious traffic across APIs, web applications, and DDoS channels. Akamai’s State of the Internet security report places these patterns within the same operating environment, with activity increasing across each area

Your APIs are under siege, and attackers are just getting warmed up Read More »

Spotlight Report: Cyber Resilience and Business Impact in US SLED for 2026

Spotlight Report: Cyber Resilience and Business Impact in US SLED for 2026 2026-03-18 at 16:02 By Threat groups are uniquely open-minded when selecting their targets. They may issue platitudes about avoiding schools or critical infrastructure, but data from LevelBlue’s just-releasedSpotlight Report: Cyber Resilience and Business Impact in US SLED shows this is, unsurprisingly, false. This article

Spotlight Report: Cyber Resilience and Business Impact in US SLED for 2026 Read More »

Apple starts issuing lightweight security updates between software releases

Apple starts issuing lightweight security updates between software releases 2026-03-18 at 13:32 By Sinisa Markovic Apple is delivering small security updates, called Background Security Improvements, starting with iOS 26.1, iPadOS 26.1, and macOS 26.1. Apple describes Background Security Improvements as lightweight security releases for components such as Safari, the WebKit framework, and other system libraries,

Apple starts issuing lightweight security updates between software releases Read More »

Scroll to Top